etc.

Posted on May 6, 2019 by John Humphreys

Failure Overview

I lost a good portion of last week fighting dropping traffic / intermittent connection issues in a basic tier azure load balancer. The project this was working on had been up and running for 6 months without configuration changes and had not been restarted in 100 days. Restarting it did not help, so clearly something had changed about the environment. It also started happening in multiple deployments in different azure subscriptions, implying that it was not an isolated issue or server/etc related.

Solution

After doing a crazy amount of tests and eventually escalating to Azure support, who reviewed the problem for over 12 hours, Azure support pointed out this:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#types

“Do not translate or proxy a health probe through the instance that receives the health probe to another instance in your VNet as this configuration can lead to cascading failures in your scenario. Consider the following scenario: a set of third-party appliances is deployed in the backend pool of a Load Balancer resource to provide scale and redundancy for the appliances and the health probe is configured to probe a port that the third-party appliance proxies or translates to other virtual machines behind the appliance. If you probe the same port you are using to translate or proxy requests to the other virtual machines behind the appliance, any probe response from a single virtual machine behind the appliance will mark the appliance itself dead. This configuration can lead to a cascading failure of the entire application scenario as a result of a single backend instance behind the appliance. The trigger can be an intermittent probe failure that will cause Load Balancer to mark down the original destination (the appliance instance) and in turn can disable your entire application scenario. Probe the health of the appliance itself instead.”

I was using a load balancer over a scale set, and the load balancer pointed at HaProxy, which was designed to route traffic to the “primary” server. So, I wanted Azure’s load balancer to consider every server up as long as it could route to the “primary” server, even if other things on this server specifically were down.

But having the health probe check HAProxy meant that the health probe was routed to the “primary” server and triggered this error.

This seems like an Azure quirk to me… but they have it documented. Once I switched the health probe to target something not routed by HaProxy the LB stabilized and everything was ok.

HA Proxy + Centos 7 (or RHEL 7) – Won’t bind to any ports – SystemD!

Posted on January 3, 2019 by John Humphreys

What are the Symptoms?

This has bitten me badly twice now. I was deploying Centos 7.5 servers and trying to run HA Proxy on them through SystemD (I’m not sure if it is an issue otherwise).

Basically, no matter what port I use I get this message:

Starting frontend main: cannot bind socket [0.0.0.0:80]

Note that as I was too lazy to set up separate logging for the HAProxy config, I found this message in /var/log/messages with the other system messages.

Of course, seeing this your first thought is “he’s running another process on that port!”… but nope. Also, the permissions are set up properly, etc.

What is the Problem?

The problem here is actually SE Linux. I haven’t quite dug into why, but when running under SystemD, SELinux will deny access to all ports for HAProxy unless you go out of your way to allow it to access them.

How Do We Fix It?

The fix is very simple thankfully, just set this selinux boolean as a root/sudo user:

sudo setsebool -P haproxy_connect_any 1

…and voilà! if you restart your HAProxy it will connect fine. I spent a lot of time on this before I found a decent documentation and forum references in these places. I hope this helps you fix it faster! I also found a stack-overflow eventually… but the accepted/good answer is like 10 down so I missed it the first pile of times.

Presto Coordinator High Availability (HA)

Posted on December 29, 2018 by John Humphreys

Quick Recap – What is Presto?

Presto is an open-source distributed SQL query engine made by Facebook that runs as its own cluster. It is able to refer to an existing hive metastore and run queries on the hive tables in HDFS/etc itself using its own resources. It is much faster as it does everything in-memory rather than by using map-reduce. It can connect to numerous data sources aside from hive as well (though I have only used it with Hive over Azure’s ADLS personally).

No High Availability

We started using Presto in an enterprise use case, and I was astounded to find out that it doesn’t have any high-availability (HA) built into it. Presto as a product is wonderful – it is fast, easy to set up, provides pretty solid query diagnostics, handles massive queries in a very stable manner, etc. So, the complete lack of a HA solution seems very strange given the strength of the product.

The critical component in Presto is the Coordinator, and it is a single point of failure. It is the brains of the operation; it parses queries, breaks them into tasks, controls where work gets scheduled, etc. Users only talk to the Coordinator node.

Coordinators vs Workers

Despite the importance of a coordinator, the only real differences between a coordinator and the rest of the worker nodes at a configuration level are that:

Coordinators specify that they are a coordinator.
Coordinators can run an embedded discovery server – all nodes in the cluster report to this discovery server (including the coordinator itself). This discovery server can actually be run separately from the coordinator as well if desired; I think the provision of an embedded one is relatively new. The discovery server is how the coordinator knows the full set of nodes it is managing.
Coordinators can choose whether or not they themselves are used to process queries (as opposed to just managing them).

Again, coordinators take client connections (e.g. JDBC, ODBC, etc), and they take queries from those connections, parse them, validate them, break them into tasks, and schedule them across the pool of available workers.

Workers just report to the discovery server and handle the tasks they are allocated.

HA Options

There is surprisingly little to find online about making Presto HA. The only two solutions that I’ve seen are:

Run multiple clusters behind a load balancer.
Run multiple coordinators and some form of proxy service to ensure only one is ever active at a time.

Both of these have challenges and/or drawbacks.

If you are running multiple clusters, you probably want them to be active/active so you don’t only use half of your nodes at a time. Handling this properly requires that your proxy service issue a redirect to the target cluster’s coordinator so that the client (e.g. JDBC connection) can re-send the request to that and talk to it directly. This will work, but you’ve still limited the maximum query size you can do as you split your nodes into 2 or more clusters, so they cannot all co-operate on very large queries.

Running multiple coordinators for HA is preferable as you get to combine all of your nodes into a single, large cluster that can attack large queries. It is not trivial to do though as if two coordinators operate at once, they can degrade and even deadlock the cluster. We’ll dig into how to run with multiple coordinators now.

Using Multiple Coordinators

If you want to set up Presto using multiple coordinators, here is the general approach:

Set up 2 or 3 nodes as coordinators.
Tell them to run their own discovery servers in their config.
Tell them to point at localhost for their own discovery server – this is quite important.
Tell them not to do work (It will keep things more stable, but unfortunately, that means that your cluster has less power. You’ll probably have far more workers than coordinators though, so it shouldn’t be an issue).
Install HA proxy on the coordinator nodes. Have all the coordinator nodes registered in order and make all but the first one a “backup”. So, for example, run HA Proxy port 8385 and run Presto on port 8321. All traffic will go to node #1 unless its down, in which case it will go to node #2, and so on.
Set up a load balancer in front of the coordinator nodes pointing at the HA proxy port and make sure traffic can get through.
Set up all worker nodes to target the load balancer for the discovery server. So, all workers target the load balancer, which goes to any coordinator, all of which redirect to the primary one. The primary coordinator always has all workers reaching it courtesy of HA proxy.
As each coordinator itself only reports to its localhost discovery server, coordinators will not end up talking to each other’s discovery servers and will not interfere with each other. Only one coordinator will ever have workers registered with it at a time.

Let Coordinators Use the Load Balancer?

If you let coordinators use the load balancer, then they will all end up at the primary coordinator’s discovery server. Now… I have seen people online saying that they ran all nodes as coordinators (e.g. in the linked Gooogle Group conversations below) in which case this must be happening.

When I tried it though, I clearly got this warning from all the coordinators (and probably the workers too, but I didn’t check). It comes out once a second.

2018-12-29T01:38:01.479Z WARN http-worker-176 com.facebook.presto.execution.SqlTaskManager Switching coordinator affinity from awe4s to 9mdsu
2018-12-29T01:38:01.806Z WARN http-worker-175 com.facebook.presto.execution.SqlTaskManager Switching coordinator affinity from 9mdsu to awe4s

Someone in a Git Hub issue I forgot the link to stated that this means that the memory management may get muddled up, which sounds scary. I did provide a link to the warning in code below which somewhat verifies this.

So, maybe it is a disaster, or maybe it’s harmless – but in any case, I didn’t want warning messages coming at me once a second that looked this bad. So, I opted to only have each coordinator talk to its own discovery server, which makes them 100% idle (not processing anything) unless they are the current primary coordinator. This waste is unfortunate, but as we’ll have far more workers than coordinators, it’s not the end of the world.

Drawbacks

This will keep your cluster running in the event that a coordinator fails. Any active queries at the time a coordinator fails will fail though – we can’t do anything about that unless Presto starts supporting HA internally. Also, the fail-over period will be very much tied to your HA proxy configuration and your load balancer health checks (mine takes around 30 seconds using an Azure load balancer and HA proxy, I’ll be looking to reduce that).

Useful Links

https://www.haproxy.com/blog/emulating-activepassing-application-clustering-with-haproxy/
https://groups.google.com/forum/#!topic/presto-users/yGoKlEa8kFk – Google group conversation talking about multi-coordinator usage, Route53 for Amazon, and HA Proxy usage.
https://groups.google.com/forum/#!topic/presto-users/XKcQrtOKLrs – Another google group conversation talking about HA in Presto (and HA proxy).
https://github.com/prestodb/presto/blob/master/presto-main/src/main/java/com/facebook/presto/execution/SqlTaskManager.java – Source code for Presto showing coordinator affinity warning message.

Coding Stream of Consciousness

by John Humphreys – Random code from my life.

Tag Archives: haproxy